VYPR

CVEs

100,081 total · page 62 of 2,002

  • CVE-2026-42834HigMay 20, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-42383HigMay 20, 2026
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.29.0.

  • CVE-2026-41091HigKEVMay 20, 2026
    risk 0.63cvss 7.8epss 0.08

    Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

  • CVE-2026-3593HigMay 20, 2026
    risk 0.48cvss 7.4epss 0.02

    A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT…

  • CVE-2026-3039HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.01

    BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typically these servers will be found in Active Directory integrated DNS…

  • CVE-2026-29518HigMay 20, 2026
    risk 0.39cvss 7.0epss 0.00

    Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access…

  • CVE-2025-11954HigMay 20, 2026
    risk 0.52cvss 8.0epss 0.00

    Cross-Site request forgery (CSRF) vulnerability in Sitemio Information Technologies Trade Ltd. Co. WISECP allows Cross Site Request Forgery. This issue affects WISECP: through 20022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

  • CVE-2026-22315HigMay 20, 2026
    risk 0.47cvss 7.2epss 0.00

    Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export  of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020…

  • CVE-2026-0856HigMay 20, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:…

  • CVE-2026-9064HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of…

  • CVE-2026-44933HigMay 20, 2026
    risk 0.51cvss 7.8epss 0.00

    `PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, it is a no-op, allowing the traversed path to execute host binaries (like…

  • CVE-2026-42959HigMay 20, 2026
    risk 0.42cvss 7.5epss 0.01

    NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to…

  • CVE-2026-42944HigMay 20, 2026
    risk 0.42cvss 7.5epss 0.01

    NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the reply packet. The relevant options ('nsid', 'answer-cookie', 'pad-responses'…

  • CVE-2026-41292HigMay 20, 2026
    risk 0.42cvss 7.5epss 0.01

    NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and…

  • CVE-2026-41054HigMay 20, 2026
    risk 0.44cvss 7.8epss 0.00

    In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`cred.uid != 0`) and prepares a negative acknowledgement (`ASCII_NAK`), it…

  • CVE-2026-40622HigMay 20, 2026
    risk 0.42cvss 7.5epss 0.00

    NLnet Labs Unbound 1.16.2 up to and including version 1.25.0 has a vulnerability of the 'ghost domain names' family of attacks that could extend the ghost domain window by up to one cached TTL configured value. Similar to other 'ghost domain names' attacks, an adversary needs to…

  • CVE-2026-5200HigMay 20, 2026
    risk 0.50cvss 8.8epss 0.00

    The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to…

  • CVE-2026-47784HigMay 20, 2026
    risk 0.46cvss 8.1epss 0.01

    In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass.

  • CVE-2026-47783HigMay 20, 2026
    risk 0.46cvss 8.1epss 0.01

    In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.

  • CVE-2026-9057HigMay 20, 2026
    risk 0.53cvss 8.2epss 0.00

    A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a patch, which is already available.

  • CVE-2026-7522HigMay 20, 2026
    risk 0.57cvss 8.8epss 0.01

    The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.1.0 via the 'template' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and…

  • CVE-2026-9010HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.00

    The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current_url' and 'user_name' parameters in versions up to, and including, 2.0.3 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL…

  • CVE-2026-9003HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.01

    E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

  • CVE-2026-7460HigMay 20, 2026
    risk 0.48cvss epss 0.00

    mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and renders several of those…

  • CVE-2026-24214HigMay 20, 2026
    risk 0.52cvss 8.0epss 0.01

    NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, or denial of service.

  • CVE-2026-24213HigMay 20, 2026
    risk 0.52cvss 8.0epss 0.01

    NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, or information disclosure.

  • CVE-2026-24210HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.01

    NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this vulnerability might lead to denial of service.

  • CVE-2026-24209HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.01

    NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of this vulnerability might lead to denial of service.

  • CVE-2026-24206HigMay 20, 2026
    risk 0.47cvss 7.3epss 0.01

    NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of this vulnerability might lead to escalation of privileges, denial of service, or information disclosure.

  • CVE-2026-24163HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.01

    NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.

  • CVE-2025-33255HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.01

    NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A successful exploit of this vulnerability might lead to code execution, denial of service, data tampering, and information disclosure.

  • CVE-2026-7467HigMay 20, 2026
    risk 0.57cvss 8.8epss 0.00

    The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly…

  • CVE-2026-6456HigMay 20, 2026
    risk 0.57cvss 8.8epss 0.00

    The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the `rememberLogin` REST API endpoint using a loose comparison (`!=` instead of `!==`) for secret validation at `app/RestAPI.php:111`,…

  • CVE-2026-43618HigMay 20, 2026
    risk 0.46cvss 8.1epss 0.01

    Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from…

  • CVE-2026-3985HigMay 20, 2026
    risk 0.49cvss 7.5epss 0.00

    The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the 'checkout_uuid' parameter in all versions up to, and including, 1.6.9. This is due to insufficient escaping on the user supplied parameter and lack of…

  • CVE-2026-34463HigMay 19, 2026
    risk 0.49cvss epss 0.00

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior contain a Stored XSS vulnerability. When cloning an issue originating from a Project other than the current one, the clone form (bug_report_page.php) prepends the source Project name before…

  • CVE-2026-34358HigMay 19, 2026
    risk 0.53cvss 8.1epss 0.00

    CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contains a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write…

  • CVE-2026-34241HigMay 19, 2026
    risk 0.57cvss 8.7epss 0.00

    CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the ticket reply notification system. Unsanitized reply content ($newmessage) is stored directly in database notification…

  • CVE-2026-39250HigMay 19, 2026
    risk 0.47cvss 7.3epss 0.00

    An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations.

  • CVE-2026-32882HigMay 19, 2026
    risk 0.46cvss 7.1epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay() in libheif/pixelimage.cc. When compositing an overlay image (iovl) whose child image has a different bit depth for the alpha channel…

  • CVE-2026-32741HigMay 19, 2026
    risk 0.46cvss 7.1epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a HEIF file containing a mask image (mski), the function copies the full iloc extent data into a pixel…

  • CVE-2026-46417higMay 19, 2026
    risk 0.38cvss epss 0.00

    ### Impact A Server-Side Request Forgery (SSRF) vulnerability exists in `@angular/platform-server`. The issue stems from how the server-side rendering (SSR) engine processes the request URL provided to the rendering entry points. When an absolute-form URL (e.g.,…

  • CVE-2026-46415higMay 19, 2026
    risk 0.38cvss epss 0.00

    ### Impact Caddy Defender used `r.RemoteAddr` when evaluating whether a request should be blocked. `RemoteAddr` is the address of the immediate peer connected to Caddy. In deployments where Caddy is behind a trusted proxy, CDN, or load balancer, the immediate peer is usually…

  • CVE-2026-32740HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.01

    libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap…

  • CVE-2026-27173HigMay 19, 2026
    risk 0.50cvss 8.7epss 0.00

    JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow…

  • CVE-2026-46410higMay 19, 2026
    risk 0.39cvss epss 0.00

    ### Impact Some sensitive info -- such as source and path can get exposed. ### Patches Update to the latest version ### Workarounds no

  • CVE-2026-46378higMay 19, 2026
    risk 0.39cvss epss 0.00

    ### Summary `dasel`'s selector lexer enters a non-terminating loop when tokenizing an unterminated regex pattern such as `r/abc`. A 2-byte input (`r/`) is sufficient to cause the tokenizer to consume 100% CPU on one core indefinitely. I confirmed the issue on `v3.3.1`…

  • CVE-2026-46377higMay 19, 2026
    risk 0.38cvss epss 0.00

    ### Summary `dasel`'s selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash (e.g., `"\` or `'\`). A 2-byte input causes an immediate process crash via Go runtime panic. I confirmed the issue on `v3.3.1`…

  • CVE-2026-45805higMay 19, 2026
    risk 0.38cvss epss 0.00

    ### Summary The MCP module's `ReplServer` binds to all interfaces (`0.0.0.0:4403`) and exposes a `/execute` endpoint that runs arbitrary code with zero authentication. Anyone on the network can POST JavaScript and it runs on the server. The main `PenpotMcpServer` was partially…

  • CVE-2026-45799higMay 19, 2026
    risk 0.38cvss epss 0.00

    # CVE-2026-45799 ## Maintainer summary Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of…